<?php 
include('header.php');

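// Only accounts whose level is 1 may use this page; everyone else is sent to denied.php.
// header() merely queues a redirect header and does not stop the script, so without the
// exit the POST handlers below would still run for a caller who was just "denied".
// NOTE(review): $authrow is not set in this file; presumably header.php loads it. If
// header.php has already produced output, header() cannot send the redirect at all, and
// the exit is then the only thing that prevents the rest of the page from running.
if ($authrow['level'] != 1) {
        header('Location: denied.php');
        exit;
}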

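// Handle the "Add User" form: create an account from the posted username and level.
// Both values come straight from the request, so they are validated and escaped before
// they are placed into SQL text.
// NOTE(review): no anti-CSRF token is checked anywhere in this file; confirm whether
// header.php enforces one for state-changing POSTs.
if (isset($_POST['username'], $_POST['level'])) {
        $username = $_POST['username'];
        $level = $_POST['level'];

        // Accept only a non-empty string username and a level of exactly 0 (View) or
        // 1 (Admin), the two values the form on this page offers.
        if (!is_string($username) || $username === '' || !in_array($level, array('0', '1'), true)) {
                $msg = '<div class="error">The user was not created.  The message was `invalid username or level`.</div>';
        } else {
                // Escape the username for use inside a quoted SQL string literal, and reduce
                // the level to an integer so it cannot carry SQL syntax.
                // NOTE(review): if magic_quotes_gpc is enabled on this host the value is
                // already slash-escaped and would need stripslashes() first; confirm.
                $usernameSql = mysql_real_escape_string($username);
                $levelSql = (int) $level;

                $lookup = mysql_query('SELECT username FROM user WHERE username=\'' . $usernameSql . '\'');
                if ($lookup === false) {
                        $msg = '<div class="error">The user was not created.  The message was `database error`.</div>';
                } elseif (mysql_fetch_array($lookup) !== false) {
                        // A row came back, so the name is taken. Testing for the row itself
                        // (not the truthiness of its username) also catches a user named "0".
                        $msg = '<div class="error">The user was not created.  The message was `user already exists`.</div>';
                } elseif (mysql_query('INSERT INTO user (username,level) VALUES (\'' . $usernameSql . '\',' . $levelSql . ')') === false) {
                        $msg = '<div class="error">The user was not created.  The message was `database error`.</div>';
                } else {
                        // The generated password is not stored or displayed anywhere in this
                        // file; the call is kept only to preserve the existing flow.
                        $password = randPass();

                        $msg = '<div class="updated">The user was created.</div>';
                }
        }
}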

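// Handle the per-user action form rendered in the table below.
// Action codes, as offered by the <select>: 0 = enable, 1 = disable, 2 = delete,
// 3 = make Viewer, 4 = make Admin.
//
// Both fields are concatenated into SQL as bare numbers, so they must consist of digits
// only before they are used. Loose comparison alone is not a check: on the PHP versions
// that ship mysql_*, a non-numeric string compares equal to 0 and a string that merely
// starts with a digit compares equal to that digit, so the placeholder "None" option
// used to enable the account and arbitrary trailing text reached the query.
// NOTE(review): no anti-CSRF token is checked anywhere in this file; confirm whether
// header.php enforces one for state-changing POSTs.
if (isset($_POST['uAction'], $_POST['id'])
        && is_string($_POST['uAction']) && ctype_digit($_POST['uAction'])
        && is_string($_POST['id']) && ctype_digit($_POST['id'])) {
        $uAction = (int) $_POST['uAction'];
        $id = (int) $_POST['id'];

        if ($uAction === 2) {
                mysql_query('DELETE FROM user WHERE id=' . $id);
                $msg = '<div class="updated">The user was deleted.</div>';
        } elseif ($uAction === 0 || $uAction === 1) {
                // The action code doubles as the new value of the disabled flag.
                mysql_query('UPDATE user SET disabled=' . $uAction . ' WHERE id=' . $id);
                if ($uAction === 0) {
                        $msg = '<div class="updated">The user was enabled.</div>';
                } else {
                        $msg = '<div class="updated">The user was disabled.</div>';
                }
        } elseif ($uAction === 3 || $uAction === 4) {
                // Codes 3 and 4 map onto levels 0 (Viewer) and 1 (Admin).
                $newLevel = $uAction - 3;
                mysql_query('UPDATE user SET level=' . $newLevel . ' WHERE id=' . $id);
                if ($newLevel === 0) {
                        $msg = '<div class="updated">The user has been made a Viewer.</div>';
                } else {
                        $msg = '<div class="updated">The user has been made an Admin.</div>';
                }
        }
        // Any other numeric code is ignored, as before.
}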

// Load every account, ordered by username, for the listing rendered below.
$userListSql = 'SELECT * FROM user ORDER BY username ASC';
$users = mysql_query($userListSql);
?>
<h2>User Management</h2>
<h3><a href="#users">Current Users</a> | <a href="#add">Add User</a></h3>
<?php
// Print the status banner left by the POST handlers above, when one was set.
if (isset($msg)) {
        echo $msg;
}
?>
<hr />
<h3><a name="users"></a>Current Users <small><small><a href="#top">_top_</a></small></small></h3>
<span class="green_bg width125">Enabled</span>
<span class="red_bg width125">Disabled</span>
<br /><br />
<table class="bigtable">
        <tbody>
                <tr class="row1 bold">
                        <td>Username</td>
			<td>Access Level</td>
                        <td>Status</td>
                        <td>Action</td>
                </tr>
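                <?php
                // Render one table row and one action form per account.
                //
                // Values read back from the database are encoded for the place they are
                // printed: the id is forced to an integer because it is written into a URL,
                // a form name and an inline script, and the username goes through
                // htmlspecialchars() so stored markup is shown as text rather than being
                // interpreted by the browser of whoever views this list.
                // NOTE(review): htmlspecialchars() is left on the PHP default charset; pass
                // the site's encoding explicitly if it differs.
                // NOTE(review): the per-user form carries no anti-CSRF token; confirm
                // whether one is enforced elsewhere.
                $n = 0;
                while ($usersrow = mysql_fetch_array($users)) {
                        $id = (int) $usersrow['id'];
                        $username = $usersrow['username'];
                        $level = $usersrow['level'];
                        $disabled = $usersrow['disabled'];
                        // Alternate the row style between consecutive rows.
                        $row_class = ($n % 2 == 1) ? 'row1' : 'row2';
                ?>
                <tr class="<?php echo $row_class; ?>">
                        <td class="<?php if ($disabled == 0) { echo 'green_bg'; } else { echo 'red_bg'; } ?>"><a href="usrinfo.php?id=<?php echo $id; ?>"><?php echo htmlspecialchars($username, ENT_QUOTES); ?></a></td>
                        <td><?php if ($level == 0) { echo "View"; } elseif ($level == 1) { echo 'Admin'; } ?></td>
                        <td><?php if ($disabled == 0) { echo "Enabled"; } else { echo "Disabled"; } ?></td>
                        <td>
                                <?php // create form for each user with unique form name ?>
                                <form name="uAction<?php echo $id; ?>" action="users.php" method="post" onsubmit="saveScrollCoordinates()">
                                        <select name="uAction" onchange="uAction<?php echo $id; ?>.submit();">
                                                <option selected="selected">None</option>
                                                <option value="2">Delete</option>
                                                <option value="1">Disable</option>
                                                <option value="0">Enable</option>
                                                <option value="4">Make Admin</option>
                                                <option value="3">Make Viewer</option>
                                        </select>
                                        <input type="hidden" name="id" value="<?php echo $id; ?>" />
                                </form>
                        </td>
                </tr>
                <?php
                        $n++;
                }
                ?>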
        </tbody>
</table>
<br />
<hr />
<h3><a name="add"></a>Add User <small><small><a href="#top">_top_</a></small></small></h3>
<form action="users.php" method="post">
        Username: <input name="username" type="text" size="32" />
	Level   : <select name="level">
			<option value="0" selected="selected">View</option>
			<option value="1">Admin</option>
                  </select>
        <input type="submit" value="Submit" />
</form>
<br />
<hr />


<?php include('footer.php'); ?>

<?php
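/**
 * Generate an 8-character random password from the letters a-z, A-Z and digits 0-9.
 *
 * The previous version indexed the alphabet with `rand() % 33`, so only its first 33
 * characters (a-z and A-G) could ever appear, and it reseeded the generator from the
 * current microsecond on every call, which makes the output guessable from the time of
 * the request. This version draws from the whole alphabet and never reseeds.
 *
 * random_int() is used when the runtime provides it. Older runtimes fall back to
 * mt_rand(), which is not a cryptographic generator; passwords produced on that path
 * should be treated as temporary and changed at first login.
 *
 * The result is currently discarded by the only caller in this file.
 *
 * @return string Eight characters drawn from [a-zA-Z0-9].
 */
function randPass() {
    $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
    $lastIndex = strlen($chars) - 1;
    $haveCsprng = function_exists('random_int');

    $pass = '';
    for ($i = 0; $i < 8; $i++) {
        // Pick a uniformly distributed index over the full alphabet.
        $index = $haveCsprng ? random_int(0, $lastIndex) : mt_rand(0, $lastIndex);
        $pass .= $chars[$index];
    }
    return $pass;
}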
?>
